Virtual hostage

Cyber terrorism and politically motivated computer crime are a big concern for the real world

By Kent Anderson

Our dependence on the Internet and technology demands we ask ourselves a question: What would be the impact on our lives if that technology was disrupted? Many people don’t realize the true scope of the information revolution that has taken place in the past two decades. When we think about our personal reliance on technology, we usually picture access to our Facebook accounts, e-mail and maybe online banking.

We often overlook how dependent basic functions of society and government are on these same technologies. Examples include public transportation, the generation and distribution of electrical power and police communications, to name a few. Without these types of services, access to our personal e-mail or Twitter would be the least of our problems.

The risk of a malicious and intentional disruption of basic infrastructure is real but, unfortunately, the problem is poorly understood and too often the subject of hyperbole by both the media and security professionals with a “solution” to sell. First, we should be clear about what we are talking about. To call any significant crime or attack on the Internet “cyber terrorism” is misleading. It is important to differentiate between an environmental activist defacing a company’s website as a form of protest and a traditional terrorist group disrupting the operations of a nuclear power plant. Both are politically motivated computer crimes, but the impacts from each are completely different and, likewise, our response to each should be appropriate. Labeling both as “cyber terrorism” only confuses the issue.

With that distinction in mind, the threat from politically motivated computer crime is real and growing. However, contrary to some reports, this is not a new phenomenon. The earliest politically motivated network attacks can be traced back to the 1980s, when German “hackers” attempted to steal information from the computer systems of drug and chemical companies to show complicity in environmental spills, and later cyber espionage on behalf of the Soviet Union. In the 1990s, with the growth of the Internet and the World Wide Web, came denial of service attacks to protest a wide variety of causes such as Mexico’s treatment of Zapatistas, French nuclear testing and wide-ranging computer attacks between Israeli and Palestinian supporters during the second Intifada.

The past 10 years have seen increases in the number, type and sophistication of online attacks. Danish companies suffered numerous attacks protesting the caricature of the Prophet. The World Bank was attacked by anti-globalization protesters, and both Estonia’s and Ukraine’s information infrastructures were disrupted by alleged Russian nationalists. Finally, China is suspected of widespread cyber espionage against the United States, European Union countries and India.

While the individual motivations and impacts of these activities vary widely, they all provide a vivid example of just how connected the world has become: Each of these attacks crossed international borders with impunity. They also show the power of the Internet: Technology enables disenfranchised people to voice their opinions and frustrations more directly and, when motivated, to take action. This leads to an important consideration: When do free speech and legitimate protest end and crime begin?

The Internet has allowed many social activists to break down the walls of government censorship in countries such as China and Iran. Most Western societies would applaud this activity as free speech, yet the governments involved would see it as criminal. What is considered free speech in Europe may be blasphemy in the Middle East.

The most recent incident of politically motivated computer crime to become public involves a malicious program called “Stuxnet.” Initial analysis of this code shows a significant shift in the evolution of these types of attacks, in terms of sophistication, motive and potential impact. Stuxnet is a program that specifically targets the computer systems used in power plants and other critical production systems. It also uses techniques that are significantly more sophisticated than previously seen. As Udo Helmbrecht, executive director of the European Network and Information Security Agency (ENISA), points out, “Stuxnet is really a paradigm shift, as Stuxnet is a new class and dimension of malware. ... The attackers have invested a substantial amount of time and money to build such a complex attack tool.”

Some analysts believe only a government could have this level of technical expertise, but that remains to be proved. There are also indications that this malicious code is specifically targeting systems in Iran; however, it has also attacked systems in India. Perhaps more disturbing is that the Stuxnet attacks provide a blueprint for others – with fewer technical capabilities or resources – to copy.

The Stuxnet code, the cyber espionage alleged to originate in China, and attacks supporting Russian causes in Estonia and Ukraine are widely believed to have some level of government involvement. Do these governments actively sponsor cyber espionage and sabotage or merely turn a blind eye to individual actors? Perhaps they have no involvement at all – we just don’t know for sure. This is one of the most fundamental problems: Given the relative anonymity and complexity of the Internet and the ability to cross international borders and jurisdictions with impunity, it is very difficult to know exactly who is behind the attacks and their exact motive. Not knowing who or why makes it very difficult to quantify the risk and determine how we should respond.

The nature of the Internet allows communications to leap-frog through many different systems, commonly called proxies, or to hijack innocent parties’ personal computers (known as zombies). Therefore, when researchers identify the source of an attack as a system in China, that does not necessarily mean the person behind the attack is Chinese; it just as easily could be a Brazilian who used the Chinese system as an intermediary.

Investigating complex international, politically motivated computer crime is difficult. The only successful case resulting in arrests and convictions was the cyber espionage carried out by German nationals for the Soviet Union in 1989. Since then, every major, politically motivated international incident involving cyber activity has gone unsolved. If we can’t identify the perpetrators, how can we respond to a serious attack?

The current problem of politically motivated cyber crime is troubling: It is very difficult to investigate, incidents are growing in both number and sophistication, and the impacts (both actual and potential) are escalating. To make matters worse, industry and governments are woefully unable or unwilling to protect the data, systems and applications on which modern society depends. For-profit companies only invest the bare minimum to meet conflicting, confusing and inadequate regulations (if any exist at all), and the speed of technological change leaves government bureaucracies incapable of dealing effectively with the problem. Additionally, the vendors that create the hardware, software and applications that run the Internet have no liability for producing gaping vulnerabilities through poor designs and testing.

It is difficult to predict the future direction of politically motivated cyber crime. Will traditional terrorist organizations become more involved in cyber attacks? The IRA, Colombian-based FARC and the Red Army Faction all showed some interest in computer hacking but for whatever reason have never carried out any significant attacks. Al-Qaida supporters operate an estimated 6,000 websites to recruit, proselytize, communicate and plan attacks, but there has been no indication that they plan offensive cyber attacks. Traditional terrorist organizations tend to see the fear and disruption of physical destruction and death as more effective and easier than a cyber attack. However, as the past two decades and the increase in recent activity show, there is a wide range of individuals, groups and possibly governments that do see network attacks as a means to further their goals and agendas.

While we can’t predict the exact targets or impacts of future activity, it is certain that politically motivated cyber attacks will continue to increase and more directly impact our daily lives.

– The author is managing director of Encurve, LLC, an international risk consultancy. He has written extensively on security issues and has served as a consultant for the Organization for Economic Cooperation and Development (OECD) on the harmonization of international computer crime laws.